CVE-2021-27935

{"id": "CVE-2021-27935", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-03-03T20:15:12.437", "references": [{"url": "https://github.com/AdguardTeam/AdGuardHome/issues/2470", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/AdguardTeam/AdGuardHome/issues/2470", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is able to bruteforce their password offline, because the hash of the password is stored in the cookie."}, {"lang": "es", "value": "Se detect\u00f3 un problema en AdGuard anterior a la versi\u00f3n 0.105.2. Un atacante capaz de obtener la cookie del usuario puede forzar su contrase\u00f1a fuera de l\u00ednea, porque el hash de la contrase\u00f1a es almacenado en la cookie"}], "lastModified": "2024-11-21T05:58:51.623", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adguard:adguard_home:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8978CCDB-CABE-49C9-A3B7-9F55F8AF474F", "versionEndExcluding": "0.105.2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}